Network and node for providing a secure transmission of mobile application part messages

ABSTRACT

According to the present invention a telecommunication network with a first domain (PLMN-A) comprising at least one mobile application part protocol instance is connected to a gateway node (MSEGA) which is adapted to send and receive mobile application part messages and which is connectable to a second domain. The telecommunication network is remarkable in that the gateway node (MSEGA) is adapted to receive a mobile application part message from the first domain, to convert the received mobile application part message obtaining a secured mobile application part message, and to send the obtained message to the second domain. The gateway node (MSEGA) is further adapted to receive a secured mobile application part message from the second domain, to extract an unsecured mobile application part message from the received secured mobile application part message and to send the extracted message to the first domain.

This application is a continuation of U.S. application Ser. No. 10/595,447, filed Feb. 22, 2007, now pending, which was the National Stage of International Application No. PCT/EP03/11609, filed Oct. 31, 2003, which claims the benefit of German Application No. 103 50 226.2, filed Oct. 27, 2003, the disclosure of which is incorporated herein by reference.

FIELD OF INVENTION

The invention relates to a network and a node for providing a secure transmission of mobile application part messages.

DESCRIPTION OF PRIOR ART

The invention is related to a protocol layer for encrypting and decrypting messages according to the mobile application part (MAP) protocol. The MAP protocol is an application protocol in the protocol stack according to the signaling system number 7 (SS7). The MAP protocol has been developed for mobile networks according to the Global System for Mobile Communications (GSM) standard. The MAP protocol is used for querying databases in GSM networks, such as a Visitor Location Register (VLR) or a Home Location Register (HLR). The transmission of MAP messages can be secured by encrypting a MAP message at a sending node and decrypting the MAP message in a receiving node. Encrypting and decrypting of MAP messages is part of the MAP application layer security that is described in the technical specification (TS) 33.200 of the third generation partnership project (3GPP).

Currently the need to secure the transmission of MAP messages has become prominent in networks which are commonly used by operators among which a relationship of trust has not yet been developed to a full extent.

According to the state of the art a unit for encrypting and decrypting MAP messages and a MAP protocol instance are implemented on a common physical node. This is not flexible and it is related to large implementation costs if the MAP application layer security is introduced in a network comprising a large number of different network nodes.

OBJECT OF THE INVENTION

Therefore it is an object of the invention to overcome the shortcomings of the state of the art and to provide a flexible and cost-efficient implementation of the MAP application layer security.

SUMMARY OF THE INVENTION

This object is solved by the method of claim 1. The invention is also embodied in a gateway node according to claim 7. Advantageous embodiments are described in the dependent claims.

According to the present invention a telecommunication network with a first domain comprises at least one mobile application part protocol instance connected to a gateway node which is adapted to send and receive mobile application part messages and which is connectable to a second domain. The telecommunication network is remarkable in that the gateway node is adapted to receive a mobile application part message from the first domain, to convert the received mobile application part message obtaining a secured mobile application part message, and to send the obtained message towards the second domain. The gateway node is further adapted to receive a secured mobile application part message from the second domain, to extract an unsecured mobile application part message from the received secured mobile application part message and to send the extracted message towards the first domain.

This provides a flexible method to implement mobile application part application layer security, as a further mobile application part protocol instance can be easily added to the first domain. Further a cost efficient implementation of mobile application part application layer security is provided for a first domain comprising different kinds of network nodes on which the mobile application part protocol is implemented.

In a further embodiment of the telecommunication network the gateway node is connectable to a third domain and the gateway node performs a selective discarding of mobile application part messages received from the first domain and destined for the third domain and a selective discarding of mobile application part messages received from the third domain and destined for the first domain.

By this a secured communication is provided by the gateway node towards different domains. Also a basic level of security can be provided by the gateway node if unencrypted messages are transmitted in the third domain.

In another embodiment of the telecommunication network, the gateway node performs as a firewall towards the third domain.

In an advantageous embodiment of the telecommunication network the gateway node is connectable to different domains, and levels of security are configurable for the different domains. By this a secure communication can be provided by the gateway node in a flexible way.

In an advantageous embodiment of the telecommunication network a level of security is configurable for one domain independently from a configuring of a level of security for another domain. By this a secure communication can be provided by the gateway node in a flexible way.

In a further advantageous embodiment of the telecommunication network, for a particular domain a fallback to a lower level of security than the configured level of security for the particular domain is allowable, and the allowing of the fallback to the lower level of security is configurable for one domain independently from a configuring of an allowing of a respective fallback to a lower level of security for another domain.

By this a fallback to a lower level of security can be allowed according to a level of trust towards a domain. This provides a flexible and secure way to connect the first domain to different other domains of the telecommunication network.

In another embodiment of the invention a gateway node comprises an interface to a first domain of a telecommunication network for sending and receiving mobile application part messages. The gateway node is remarkable in that it comprises an interface to a second domain of the telecommunication network for sending and receiving secured mobile application part messages. The gateway node further comprises a conversion unit that is adapted to receive a mobile application part message via the interface to the first domain, to convert the received mobile application part message obtaining a secured mobile application part message, and to send the obtained message via the interface towards the second domain. The conversion unit is further adapted to receive a secured mobile application part message via the interface to the second domain, to extract an unsecured mobile application part message from the received secured mobile application part message and to send the extracted message via the interface towards the first domain.

This provides a flexible method to implement mobile application part application layer security, as a further mobile application part protocol instance can be easily added to the first domain. Further a cost efficient implementation of mobile application part application layer security is provided for a first domain comprising different kinds of network nodes on which the mobile application part protocol is implemented.

In a further embodiment of the gateway node, the gateway node comprises an interface to a third domain for sending and receiving mobile application part messages and a filtering unit adapted to perform a selective discarding of mobile application part messages.

By this a secured communication is provided by the gateway node towards different domains. Also a basic level of security can be provided by the gateway node if unencrypted messages are transmitted in the third domain.

In another advantageous embodiment of the gateway node the gateway node performs as a firewall towards the third domain.

In a further advantageous embodiment of the gateway node, the gateway node is connectable to different domains, and the gateway node comprises a security database for storing indications of levels of security for the different domains. By this a secure communication can be provided by the gateway node in a flexible way.

In another advantageous embodiment of the gateway node, a level of security is configurable for one domain independently from a configuring of a level of security for another domain. By this a secure communication can be provided by the gateway node in a flexible way.

In a further advantageous embodiment of the gateway node, the gateway node comprises a fallback store for storing for a particular domain an indication that a fallback to a lower level of security than the configured level of security for the particular domain is allowable, and the allowing of the fallback to the lower level of security is configurable for one domain independently from an allowing of a respective fallback to a lower level of security for another domain.

By this a fallback to a lower level of security can be allowed according to a level of trust towards a domain. This provides a flexible and secure way to connect the first domain to different other domains of the telecommunication network.

BRIEF DESCRIPTION OF THE DRAWINGS

The following figures show:

FIG. 1 depicts a telecommunication network providing a transmission of mobile application part messages between a first domain and further domains, in which different kinds of security mechanisms are provided.

FIG. 2 depicts an architecture of a gateway node for converting a received MAP message obtaining a secured MAP message, and for extracting an unencrypted MAP message from a secured MAP message.

FIG. 3 depicts a flow chart comprising decision steps and processing steps that are performed during a set up of a secure communication channel.

DETAILED DESCRIPTION OF EMBODIMENTS

In the following the invention is described in more detail by means of embodiments and figures. Equal reference signs indicate equal elements.

FIG. 1 depicts a telecommunication network comprising a first domain PLMN-A, a second domain PLMN-B, a third domain PLMN-E, a fourth domain PLMN-C, and a fifth domain PLMN-D. A domain can be e.g. a sub-network, and the different domains can be sub-networks operated by different network operators.

The different domains of the telecommunication network comprise network nodes on which protocol instances of the MAP (mobile application part) protocol are implemented. Communication channels between network nodes that are secured in that MAP messages are transmitted as MAP security messages are depicted as continuous thick lines. Communication channels between network nodes via which mobile application part messages are transmitted as unsecured messages are depicted as continuous thin lines. Connections for exchanging keys for encryption or decryption and other kinds of security information used for the mobile application part application layer security are depicted as dashed double-headed arrows. Connections for providing security information by a security database to a network node on which a mobile application part protocol instance is implemented are depicted as dotted lines.

The first domain PLMN-A comprises a first and a second network node NEA1 and NEA2 on which MAP protocol instances are installed. The first domain PLMN-A is regarded as a secure domain of the telecommunication network. Therefore no encryption is applied to the MAP messages and unencrypted MAP messages can be exchanged by the MAP protocol instances within the first domain PLMN-A.

To provide a connecting of the MAP protocol instances in the first domain PLMN-A to other MAP protocol instances in the other domains of the telecommunication network, the first and the second network node NEA1 and NEA2 are connectable to other network nodes via a first gateway node MSEGA. MAP messages from MAP protocol instances in the first domain PLMN-A to MAP protocol instances in the other domains are routed within the first domain PLMN-A towards the first gateway node MSEGA. Accordingly encrypted MAP messages and unencrypted MAP messages from other domains are routed towards the MAP protocol instances in the first domain via the first gateway node MSEGA.

The first gateway node MSEGA provides an encrypting of MAP messages received from protocol instances within the first domain PLMN-A, wherein the encrypting complies with the MAP application layer security. Encrypted messages obtained by said encrypting comply with the MAP application layer security. Accordingly the first gateway node MSEGA provides a decrypting of secured MAP messages the content of which is destined to MAP protocol instances in the first domain PLMN-A and that are received from domains of the telecommunication network other than the first domain PLMN-A. Decrypted messages obtained by said decrypting comply with the MAP protocol.

In an advantageous embodiment of the first gateway node MSEGA the first gateway node MSEGA comprises a security database storing and providing security information used for the encryption of MAP messages and the decryption of secured MAP messages. Such security information comprises keys for encrypting MAP messages, keys for decrypting secured MAP messages and security policies to be applied. To provide an exchanging of said security information the first gateway node MSEGA is connected to other databases storing and providing security information. In particular the security database within the first gateway node MSEGA is connected to a security database in a second gateway node MSEGB via a first security information exchange connection IKEC_AB. Moreover the security database within the first gateway node MSEGA is connected to a first security database KACC in the fourth domain PLMN-C via a second security information exchange connection IKEC_AC and to a second security database KACE in the third domain PLMN-E via a third security information exchange connection IKEC_AE.

The second domain PLMN-B comprises a third and a fourth network node NEB1 and NEB2, that are connected to the first and the second network node NEA1 and NEA2 in the first domain PLMN-A via the second gateway node MSEGB. The third and the fourth network node NEB1 and NEB2 each comprise MAP protocol instances. The second domain PLMN-B is regarded as a secure domain of the telecommunication network. Therefore no encryption is applied to the MAP messages within the second domain and unencrypted MAP messages can be exchanged by the MAP protocol instances within the second domain PLMN-B. A transmission of secured MAP messages between the first gateway node MSEGA and the second gateway node MSEGB is provided for by the first secured transmission channel SC_AB.

MAP messages from the second domain PLMN-B to other domains are routed via the second gateway node MSEGB, and secured MAP messages towards the second domain PLMN-B are accordingly routed via the second gateway node MSEGB. As a transmission of unencrypted messages between the first and the second domain PLMN-A and PLMN-B is not regarded as secure, MAP messages between the first and the second domain PLMN-A and PLMN-B are transmitted as encrypted MAP messages via the first secured transmission channel SC_AB. Therefore a MAP message from a protocol instance in the first domain PLMN-A to a protocol instance in the second domain PLMN-B is routed in the first domain PLMN-A towards the first gateway node MSEGA. The MAP message is received in the first gateway node MSEGA, encrypted applying encryption complying with the MAP application layer security and sent as encrypted MAP message via the first secured transmission channel SC_AB to the second gateway node MSEGB within the second domain PLMN-B. The encrypted MAP message is decrypted in the second gateway node MSEGB obtaining a MAP message comprising the content of the original MAP message sent in the first domain PLMN-A. The obtained MAP message is routed in the second domain PLMN-B towards a MAP protocol instance terminating the MAP message.

Accordingly a MAP message from a MAP protocol instance in the second domain PLMN-B and destined for a MAP protocol instance in the first domain PLMN-A is routed in the second domain PLMN-B towards the second gateway node MSEGB, encrypted obtaining a secured MAP message which is transmitted via the first secured transmission channel SC_AB to the first gateway node MSEGA in the first domain PLMN-A. In the first gateway node MSEGA the secured MAP message is decrypted obtaining a MAP message comprising the content of the original MAP message sent in the second domain PLMN-B. The obtained MAP message is routed in the first domain PLMN-A towards a destination MAP protocol instance that terminates the MAP message.

The fourth domain PLMN-C of the telecommunication network comprises a fifth and a sixth network node NEC1 and NEC2, on each of which a MAP protocol instance and a conversion unit for MAP message encryption and decryption are installed. The MAP protocol instances in the fifth and the sixth network node NEC1 and NEC2 respectively are connected to the first gateway node MSEGA via a second and a third secured transmission channel SC_AC1 and SC_AC2 respectively. The fourth domain PLMN-C further comprises a first security database KACC storing and providing security information used for the encryption of MAP messages and the decryption of secured MAP messages. The first security database KACC provides security information to the conversion units in the fifth and the sixth network node NEC1 and NEC2. To provide an exchanging of security information the first security database KACC is connected to the security database in the first gateway node MSEGA via a second security information exchange connection IKEC_AC.

Neither the transmission of unencrypted MAP messages in the fourth domain PLMN-C nor the transmission of unencrypted MAP messages from the fourth domain PLMN-C to other domains, e.g. to the first domain PLMN-A, is regarded as secure. MAP messages between MAP protocol instances in the first domain PLMN-A and MAP protocol instances in the fourth domain PLMN-C are therefore encrypted and transmitted as secured MAP messages. Message encryption and decryption for the MAP protocol instances in the fifth and the sixth network node NEC1 and NEC2 is performed by the respective conversion units in the fifth and the sixth network node NEC1 and NEC2 respectively. The transmission of secured MAP messages between the first and the fourth domain, PLMN-A and PLMN-C, shows that the invented solution is compatible with the implementation of MAP application layer security according to the state of the art, in which a conversion unit for MAP message encryption and decryption is provided for every MAP protocol instance.

In the following the encryption and decryption of MAP messages between the fourth and the first domain PLMN-C and PLMN-A shall be described by the example of the MAP protocol instances in the first and the fifth network node NEA1 and NEC1. A MAP message from the MAP protocol instance in the fifth network node NEC1 destined to the MAP protocol instance in the first network node NEA1 is forwarded in the fifth network node NEC1 to the conversion unit in the fifth network node NEC1 and encrypted obtaining a secured MAP message. The obtained secured MAP message is sent via the second secured transmission channel SC_AC1 to the first gateway node MSEGA. The encrypted MAP message is decrypted in the first gateway node MSEGA obtaining a MAP message comprising the content of the original MAP message sent by the MAP protocol instance in the fifth network node NEC1. The obtained MAP message is routed in the first domain towards the MAP protocol instance in the first network node NEA1 terminating the MAP message.

Accordingly a MAP message from the MAP protocol instance in the first network node NEA1 destined for the MAP protocol instance in the fifth network node NEC1 is routed in the first domain PLMN-A towards the first gateway node MSEGA and encrypted obtaining a secured MAP message. The obtained secured MAP message is transmitted via the second secured transmission channel SC_AC1 to the conversion unit in the fifth network node NEC1. The conversion unit in the fifth network node NEC1 decrypts the received secured MAP message obtaining a MAP message that comprises the content of the original MAP message sent in the first domain PLMN-A. The obtained MAP message is handed over by the conversion unit in the fifth network node NEC1 to the MAP protocol instance in the fifth network node NEC1.

The fifth domain PLMN-D of the telecommunication network comprises a seventh and an eighth network node NED1 and NED2, on each of which a MAP protocol instance is installed. The seventh and the eighth network node NED1 and NED2 are connected to the first gateway node MSEGA in the first domain PLMN-A via a first and a second unsecured communication channel USC_AD1 and USC_AD2. To provide a basic level of security, the first gateway node MSEGA performs a selective discarding of MAP messages received from the first domain PLMN-A and destined for the fifth domain PLMN-D and a selective discarding of mobile application part messages received from the fifth domain PLMN-D and destined for the first domain PLMN-A. In an advantageous embodiment the selective discarding is based on an address in a MAP message or a type of a MAP message. The selective discarding can be implemented in that the first gateway node MSEGA performs as a firewall towards the fifth domain PLMN-D.

The third domain PLMN-E of the telecommunication network comprises a ninth network node NEE1, on which a MAP protocol instance and a conversion unit for MAP message encryption and decryption are installed, and a tenth network node NEE2, on which a MAP protocol instance is installed. The ninth network node NEE1 is connected to the first gateway node MSEGA via a fourth secure communication channel SC_AE, for which security information is provided by a third security database KACE and exchanged between the third security database KACE and the security database in the first gateway node MSEGA via a third security information exchange connection IKEC_AE. The tenth network node NEE2 is connected to the first gateway node MSEGA in the first domain PLMN-A via a third unsecured communication channel USC_AE. To provide a basic level of security for unencrypted MAP messages exchanged between the first gateway node MSEGA and network nodes in the third domain PLMN-E, the first gateway node MSEGA performs a selective discarding of MAP messages towards the third domain PLMN-E. As described for the MAP messages towards the fifth domain PLMN-D, the selective discarding can be based on an address or a type of a MAP message, and the selective discarding can be implemented in that the first gateway node MSEGA performs as a firewall towards the third domain PLMN-E.
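The behaviour of the first gateway node MSEGA described above, as an added example that is not part of the patent and not code from any 3GPP or vendor MAPsec implementation: a MAP message leaving PLMN-A is converted into a secured MAP message towards a domain configured for MAP application layer security (PLMN-B), a secured message arriving from that domain is checked and the unsecured MAP message extracted, and traffic to and from a domain reached over an unsecured channel (PLMN-D) is selectively discarded by message type and address, i.e. the gateway performs as a firewall. The secured message layout (header, payload, 16-byte MAC), the truncated HMAC-SHA256 used as a stand-in for the MAPsec integrity algorithm, JSON in place of the ASN.1-encoded MAP payload, the numeric security levels, and all SPIs, keys, operation names and address prefixes are assumptions of this example; only integrity and authenticity protection is modelled, not confidentiality.

```python
"""Added example of a MAPsec-style gateway node (not from the patent).

Assumptions, not taken from the patent or TS 33.200: the secured message
layout (header + payload + 16-byte MAC), truncated HMAC-SHA256 as a
stand-in for the integrity algorithm, JSON in place of ASN.1 BER for the
MAP payload, the numeric levels, and all keys, SPIs and firewall rules.
"""
import hashlib
import hmac
import json
import struct

LEVEL_NONE = 0       # no MAP communication allowed towards this domain
LEVEL_UNSECURED = 1  # plain MAP allowed, subject to selective discarding
LEVEL_MAPSEC = 2     # MAP application layer security is mandatory

# Security database of the gateway: configured level per peer domain.
SECURITY_DB = {"PLMN-B": LEVEL_MAPSEC, "PLMN-D": LEVEL_UNSECURED,
               "PLMN-X": LEVEL_NONE}

# Security association database: SPI and key agreed with each MAPsec
# peer. The key is constructed for this example; real SAs arrive over the
# key exchange connection (IKEC_AB in the figure), never hard-coded.
SAD = {"PLMN-B": {"spi": 0x1A2B, "key": bytes(range(16))}}
SPI_TO_DOMAIN = {sa["spi"]: dom for dom, sa in SAD.items()}

# Firewall rules for domains reached over unsecured channels: which MAP
# operations may cross and which address prefix the peer may use.
FIREWALL = {"PLMN-D": {"allowed_ops": {"updateLocation",
                                       "sendRoutingInfoForSM"},
                       "address_prefix": "4915"}}

HEADER = struct.Struct(">I8sQ")  # SPI, sender PLMN id, time-variant param
MAC_LEN = 16
TVP_WINDOW_MS = 60_000           # freshness window for the TVP


def _encode_map(msg: dict) -> bytes:
    return json.dumps(msg, sort_keys=True).encode()


def secure(msg: dict, sa: dict, sender: str, tvp_ms: int) -> bytes:
    """Convert a plain MAP message into a secured MAP message."""
    header = HEADER.pack(sa["spi"], sender.encode().ljust(8, b"\0"), tvp_ms)
    body = header + _encode_map(msg)
    mac = hmac.new(sa["key"], body, hashlib.sha256).digest()[:MAC_LEN]
    return body + mac


def extract(secured: bytes, now_ms: int):
    """Extract the unsecured MAP message; returns (peer_domain, msg).
    Raises ValueError if the SPI, the MAC or the TVP is not acceptable."""
    if len(secured) < HEADER.size + MAC_LEN:
        raise ValueError("truncated secured MAP message")
    spi, _sender, tvp = HEADER.unpack_from(secured)
    domain = SPI_TO_DOMAIN.get(spi)
    if domain is None:
        raise ValueError("unknown SPI")
    body, mac = secured[:-MAC_LEN], secured[-MAC_LEN:]
    expected = hmac.new(SAD[domain]["key"], body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):  # verify before parsing payload
        raise ValueError("integrity check failed")
    if abs(now_ms - tvp) > TVP_WINDOW_MS:
        raise ValueError("time-variant parameter outside window")
    return domain, json.loads(body[HEADER.size:])


def _passes_firewall(msg: dict, domain: str, address_field: str) -> bool:
    rule = FIREWALL[domain]
    return (msg.get("op") in rule["allowed_ops"]
            and str(msg.get(address_field, "")).startswith(rule["address_prefix"]))


def outbound(msg: dict, dest: str, tvp_ms: int):
    """MAP message from PLMN-A towards `dest`: ('secured', bytes),
    ('plain', dict) or ('discard', reason)."""
    level = SECURITY_DB.get(dest, LEVEL_NONE)
    if level == LEVEL_NONE:
        return "discard", "no MAP communication allowed towards " + dest
    if level == LEVEL_MAPSEC:
        return "secured", secure(msg, SAD[dest], "PLMN-A", tvp_ms)
    if _passes_firewall(msg, dest, "called"):
        return "plain", msg
    return "discard", "blocked by firewall towards " + dest


def inbound(raw, src: str, now_ms: int):
    """Message received from `src` (bytes if secured, dict if plain):
    ('plain', dict) for delivery into PLMN-A or ('discard', reason)."""
    level = SECURITY_DB.get(src, LEVEL_NONE)
    if level == LEVEL_NONE:
        return "discard", "no MAP communication allowed from " + src
    if level == LEVEL_MAPSEC:
        if not isinstance(raw, bytes):
            # A fallback store, if it allowed a lower level for src, would
            # be consulted here; none is configured in this example.
            return "discard", "unsecured message from MAPsec-only domain " + src
        try:
            domain, msg = extract(raw, now_ms)
        except ValueError as err:
            return "discard", str(err)
        if domain != src:
            return "discard", "SPI does not belong to " + src
        return "plain", msg
    if not isinstance(raw, dict) or not _passes_firewall(raw, src, "calling"):
        return "discard", "blocked by firewall from " + src
    return "plain", raw
```

The outbound filter checks the called address and the inbound filter the calling address, so an unsecured peer can neither reach nodes outside the range it is allowed to address nor spoof a calling address from another operator's range; the MAC is verified before the payload is parsed so that a forged message never reaches the MAP decoder.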

FIG. 2 depicts an architecture of a gateway node for converting a received MAP message obtaining a secured MAP message, and for extracting an unencrypted MAP message from a secured MAP message. The gateway node comprises a MAP protocol instance SMAPPI, which is adapted to process secured and unsecured MAP messages. The MAP protocol instance SMAPPI comprises a protocol machine for generating and answering to secured and unsecured MAP messages. The MAP protocol instance SMAPPI communicates with a TCAP (transaction capabilities application part) protocol instance TCAPPI and with a MAP user protocol instance MAPUPI by exchanging appropriate service data units. The MAP user protocol instance MAPUPI is connected to an operation and maintenance unit OMU that provides operation and maintenance for the gateway node. The TCAP protocol instance TCAPPI is further connected to a SCCP (Signaling Connection Control Part) protocol instance SCCPPI. The SCCP protocol instance SCCPPI is connected to other network nodes on which MAP protocol instances are implemented for communicating using secured MAP messages via the Zf interface ZFI. Furthermore the SCCP protocol instance SCCPPI is connected to other network nodes on which MAP protocol instances are implemented for communicating using unsecured MAP messages via a network interface NI.

The MAP protocol instance SMAPPI is connected to a cryptography unit CU, that is adapted to encrypt a MAP message obtaining a secured MAP message. Furthermore the cryptography unit CU is adapted to decrypt a secured MAP message for obtaining the content of a respective unencrypted MAP message. The cryptography unit CU is connected to a key exchange unit KEU for being provided with keys for encryption and keys for decryption. The key exchange unit KEU is connected to other network nodes that perform an administration of encryption and decryption keys via a Zd interface ZDI. The key exchange unit KEU is connected to a policy management unit PMU, that coordinates the negotiation of protection profiles and security associations for secure communication channels.

The policy management unit PMU is connected to a security policy database SPD and a security association database SAD for obtaining information needed for the negotiation of the protection profiles. In the security policy database SPD security policies to be applied for a secure communication channel are stored. Information on a level of security indicated for a particular domain can be stored in a security domain information unit SDIU and provided to the policy management unit PMU in a negotiation of a security policy. In a preferable embodiment a security policy to be applied towards a particular domain of the communication network can be configured independently from a configuring of a security policy towards another domain. A security policy can comprise an indication whether MAP application layer security is to be applied towards a domain, an indication whether unsecured transmission of MAP messages is allowed, or an indication that no communication using MAP messages is allowed towards a particular domain. A security policy can also comprise the security mechanisms, such as encryption or integrity protection, to be applied towards a particular domain.

Potential policies to be applied towards a domain can be preconfigured and stored as potential protection profiles in the security policy database SPD. In the negotiation of a protection profile to be applied towards a domain the policy management unit PMU can access the security policy database SPD to request a preconfigured protection profile. When a protection profile has been negotiated by the policy management unit PMU, security information to be used in a secure communication towards a domain is exchanged between the policy management unit PMU and a security database in that domain. Security information can comprise an encryption or a decryption key and an indication for an algorithm to be used in an encryption or a decryption. Security information is grouped in security associations and stored in the security association database SAD.

A database administration unit DAU is connected to the security policy database SPD and the security association database SAD such that the security policy database SPD and the security association database SAD can be administrated by the database administration unit DAU.

The database administration unit DAU and the security domain information unit SDIU can be controlled and configured using a user interface unit UI, advantageously comprising a graphical user interface or a device for command line interpretation.

The MAP protocol instance SMAPPI is connected to a fallback store FBS that stores for a particular domain an indication that a fallback to a lower level of security than the configured level of security for the particular domain is allowable. In a preferable embodiment of the invention the allowing of the fallback to the lower level of security is configurable for one domain independently from an allowing of a respective fallback to a lower level of security for another domain.

If an unencrypted MAP message, or a secured MAP message compliant to a lower level of security than the preconfigured level of security for the domain from which the secured MAP message was sent, is received in the MAP protocol instance SMAPPI, the MAP protocol instance SMAPPI can check in the fallback store FBS whether a fallback to a lower level of security is allowed towards that domain. If a fallback to a lower level of security is allowed towards the domain, the MAP message can be processed according to a level of security to which a fallback is allowed.

FIG. 3 depicts a sequence of decision steps and processing steps to be performed by a gateway node when a request for an unsecured communication channel using the MAP protocol is received in the gateway node. The decision steps described preferably comprise a querying of a security database comprised in or connected to the gateway node. When the request for the dialogue initiation for the unsecured communication channel is received in the gateway node in an initiating processing step PS0, the gateway node performs in a first decision step DS1 a check whether a communication is allowed towards the domain from which the request was issued. If a communication is not allowed, the request is discarded and logged by the gateway node in a first processing step PS1.

If a communication is allowed towards the domain from which the request was received, the gateway node performs in a second decision step DS2 a check whether an applying of MAP application layer security is mandatory according to a preconfigured level of security for a communication towards the domain that issued the request for the dialogue initiation. If an applying of MAP application layer security is not mandatory, the dialogue initiation is accepted in a second processing step PS2.

If an applying of MAP application layer security is mandatory according to the preconfigured level of security, the gateway node performs in a third decision step DS3 a check whether a fallback to a lower level of security than the preconfigured level is allowed towards the domain from which the request was received. If a fallback to a lower level of security is allowed towards the domain, the dialogue initiation is accepted in a third processing step PS3.

If a fallback to a lower level of security is not allowed, the gateway node performs in a fourth decision step DS4 a check whether a secured transmission channel is mandatory for the type of message to which the dialogue initiation referred. If a secured transmission channel is not mandatory for the type of message, the dialogue initiation is accepted in a fourth processing step PS4.

If a secured transmission channel is mandatory for the type of message to which the dialogue initiation referred, the dialogue is aborted in a fifth processing step PS5. The aborting of the dialogue advantageously comprises an outputting of a reason for the aborting of the dialogue. The reason for the aborting advantageously specifies that a transport protection is not adequate for the type of message.
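The decision steps DS1 to DS4 and processing steps PS0 to PS5 of FIG. 3, together with the fallback store check described for the MAP protocol instance SMAPPI, as an added example that is not part of the patent. It generalises the flow chart slightly: instead of only handling an unsecured dialogue request, the function takes the level of security the request actually arrived with and compares it with the preconfigured level, so a secured message at a lower level than configured is handled by the same steps. The numeric levels, the per-domain policies, the fallback store contents and the set of message types for which a secured transmission channel is mandatory are constructed for this example and are not taken from the patent or from TS 33.200.

```python
"""Added example: decision steps DS1-DS4 / processing steps PS0-PS5 of
FIG. 3 as one function (not from the patent). Levels, policies, fallback
store entries and the message-type set are assumptions of this example.
"""
from dataclasses import dataclass

LEVEL_NONE, LEVEL_UNSECURED, LEVEL_MAPSEC = 0, 1, 2


@dataclass
class DomainPolicy:
    level: int                      # entry in the security database
    fallback_allowed: bool = False  # entry in the fallback store FBS


# One entry per peer domain; unknown domains default to LEVEL_NONE.
POLICIES = {
    "PLMN-B": DomainPolicy(LEVEL_MAPSEC),                         # strict
    "PLMN-C": DomainPolicy(LEVEL_MAPSEC, fallback_allowed=True),  # trusted
    "PLMN-D": DomainPolicy(LEVEL_UNSECURED),
    "PLMN-X": DomainPolicy(LEVEL_NONE),
}

# Message types for which a secured transmission channel is mandatory even
# when no fallback applies (assumed list: these carry authentication
# vectors or subscriber profiles).
SECURED_CHANNEL_MANDATORY = {"sendAuthenticationInfo", "insertSubscriberData"}

LOG = []  # stands in for the gateway's log of discarded requests


def handle_dialogue_request(domain, msg_type, received_level=LEVEL_UNSECURED):
    """PS0: a dialogue initiation of type `msg_type` arrived from `domain`
    with `received_level` protection. Returns (step, accepted, reason)."""
    policy = POLICIES.get(domain, DomainPolicy(LEVEL_NONE))
    # DS1: is any MAP communication allowed towards this domain?
    if policy.level == LEVEL_NONE:
        LOG.append(f"PS1 discarded {msg_type} dialogue request from {domain}")
        return "PS1", False, "communication not allowed"
    # DS2: does the received protection meet the preconfigured level?
    if received_level >= policy.level:
        return "PS2", True, "preconfigured level of security satisfied"
    # DS3: is a fallback to the lower received level allowed for this domain?
    if policy.fallback_allowed:
        return "PS3", True, "fallback to lower level of security allowed"
    # DS4: does this message type tolerate the lower level at all?
    if msg_type not in SECURED_CHANNEL_MANDATORY:
        return "PS4", True, "secured channel not mandatory for message type"
    # PS5: abort and report the reason
    return "PS5", False, "transport protection not adequate for message type"
```

Note that, following the flow chart, a domain without a fallback entry still gets unsecured dialogues accepted in PS4 for message types outside the mandatory set; an operator who wants every dialogue from a MAPsec-only domain rejected must therefore put all relevant message types into that set rather than rely on the fallback flag alone.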

CLAIMS

1. A telecommunication network with a first domain comprising: at least one Mobile Application Part (MAP) protocol instance connected to a gateway node, which is adapted to send and receive MAP messages and which is connectable to a second domain; wherein the gateway node is adapted to: receive a MAP message from the first domain; convert the received MAP message obtaining a secured MAP message; send the obtained message towards the second domain; receive a secured MAP message from the second domain; extract an unsecured MAP message from the received secured MAP message; and send the extracted message towards the first domain.

2. The telecommunication network according to claim 1, wherein the gateway node is connected to a third domain and wherein the gateway node performs a selective discarding of MAP messages received from the first domain and destined for the third domain and a selective discarding of MAP messages received from the third domain and destined for the first domain.

3. The telecommunication network according to claim 2, wherein the gateway node performs as a firewall towards the third domain.

4. The telecommunication network according to claim 1, wherein the gateway node is connectable to different domains, and levels of security are configurable for the different domains.

5. The telecommunication network according to claim 4, wherein for a particular domain a fallback to a lower level of security than the configured level of security for the particular domain is allowable and wherein allowing the fallback to the lower level of security is configurable for one domain independently from a configuring of an allowing of a respective fallback to a lower level of security for another domain.

6. A gateway node comprising an interface to a first domain of a telecommunication network for sending and receiving Mobile Application Part (MAP) messages, the gateway node comprising: an interface to a second domain of the telecommunication network for sending and receiving secured MAP messages; a conversion unit that is adapted to: receive a MAP message via the interface to the first domain, convert the received MAP message obtaining a secured MAP message, send the obtained message via the interface towards the second domain, receive a secured MAP message via the interface to the second domain, extract an unsecured MAP message from the received secured MAP message and send the extracted message via the interface towards the first domain.

7. The gateway node according to claim 6, further comprising: an interface to a third domain for sending and receiving MAP messages and a filtering unit adapted to perform a selective discarding of MAP messages.

8. The gateway node according to claim 7, wherein the gateway node performs as a firewall towards the third domain.

9. The gateway node according to claim 7, wherein the gateway node is connectable to different domains, and the gateway node comprises a security database for storing indications of levels of security for the different domains.

10. The gateway node according to claim 9, further comprising: a fallback store for storing for a particular domain an indication that a fallback to a lower level of security than the configured level of security for the particular domain is allowable, and wherein allowing of the fallback to the lower level of security is configurable for one domain independently from an allowing of a respective fallback to a lower level of security for another domain.